Rydian said:
Maybe it just hasn't been tested because it just came into being?
'Cause you know if you ask if a site has passed a certification, and it hasn't been tested, then the answer will be no because it has to be tested first.
You can get tested and the certificate the very same day, in fact, 10 seconds after you finish the test. the questions are all either "Yes" or "No" only excluding the scans that are required for an internet account and unless if you own a POS system, but most places don't own a POS system (you usually only see a POS system at a Supermarket or a large chain restaurant)
besides, you would want to become PCI compliant before your business goes live. Also, just like carfax, you should be able to ask the store directly to "show me the PCI compliance certificate"
and FYI, your store doesn't need to be accepting transaction at the moment to get PCI compliance. you can do it soon as you open a "legible" merchant account for accepting credit cards. these guys are accepting credit cards, but not by meaning of opening up a merchant account. they are getting the card information in full and typing it up directly themselves, which isn't the proper way to accept payment through PCI-DSS, especially for a level 4 merchant. Level 1 merchant, like Amazon, is a bit different.
when you open up a merchant account, the credit card processors will tel you that you need to get a PCI compliance, especially since there are fees involved if you're not (none of the fees are pocketed go to the processing company, not a penny, so they will tell you because it doesn't benefit them), unless if the salesman is shady or the processing company itself is; which you would not to be dealing your cards with anyway.
